Not familiar with MSI details but I hope any changes
won't be a problem for SPP which is useful because
it *doesn't* require special permissions---just enough
to create the folder...

--Chris
On Thu, May 15, 2014 at 1:25 PM, Jan Dubois <j...@activestate.com> wrote:
> On Thu, May 15, 2014 at 8:35 AM, kmx <k...@atlas.cz> wrote:
> > it says that PATH contains directories (c:\strawberry\c\bin
> > c:\strawberry\perl\site\bin c:\strawberry\perl\bin) which are writable by
> > too wide group of users (built-in Users or even Authenticated Users).
> [...]
> > I feel that our MSI should probably set some filesystem ACL on
> C:\strawberry
> > (which is supported by WiX Toolset we use for MSI creation) but I am not
> > sure what it should be (e.g. Administrators+SYSTEM/FullControl,
> > Users/Read+Execute ?). Any ideas or preferably experiences with building
> MSI
> > are welcome.
>
> The problem is that if you set a more restrictive ACL, then you will
> always need to run from an elevated shell to install additional
> modules from CPAN. So you have to make a choice between convenience
> and security. My personal opinion: setting a restrictive ACL makes
> sense on a server, but not on a user's desktop.
>
> Cheers,
> -Jan
>